Plaintext Transmission of Admin and Setup Passwords in phpGroupWare

Plaintext Transmission of Admin and Setup Passwords in phpGroupWare

CVE-2004-2578 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.

Learn more about our Web Application Penetration Testing UK.